authorJan Cholasta <jcholast@redhat.com>2014-06-09 16:04:09 +0200
committerPetr Viktorin <pviktori@redhat.com>2014-07-30 16:04:21 +0200
commitd2bf0b8b540e4efdb5ef06a449310f9a04a2eb17 (patch)
treed9d95c32799bc4141f2d8bcda301624be413b51d /ipaserver/install/httpinstance.py
parent9d4eeeda55b397237af17392f3acb9542e126145 (diff)
Fix trust flags in HTTP and DS NSS databases.
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
Diffstat (limited to 'ipaserver/install/httpinstance.py')
-rw-r--r--ipaserver/install/httpinstance.py7
1 files changed, 6 insertions, 1 deletions
diff --git a/ipaserver/install/httpinstance.py b/ipaserver/install/httpinstance.py
index 3ca3bf77f..56f8a8910 100644
--- a/ipaserver/install/httpinstance.py
+++ b/ipaserver/install/httpinstance.py
@@ -269,8 +269,13 @@ class HTTPInstance(service.Service):
db = certs.CertDB(self.realm, subject_base=self.subject_base)
if self.pkcs12_info:
+ if api.env.enable_ra:
+ trust_flags = 'CT,C,C'
+ else:
+ trust_flags = None
db.create_from_pkcs12(self.pkcs12_info[0], self.pkcs12_info[1],
- passwd=None, ca_file=self.ca_file)
+ passwd=None, ca_file=self.ca_file,
+ trust_flags=trust_flags)
server_certs = db.find_server_certs()
if len(server_certs) == 0:
raise RuntimeError("Could not find a suitable server cert in import in %s" % self.pkcs12_info[0])
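Review bot: The literal `'CT,C,C'` assigned to `trust_flags` is undocumented, and it marks the imported CA as trusted for TLS server and client certificates and also for S/MIME and object signing. If the HTTP NSS database only ever validates TLS peers, the narrower `'CT,,'` may be sufficient; that should be confirmed against how `certs.CertDB` and the RA agent use this database before changing it. The `else` branch passes `trust_flags=None`, and what trust the CA then receives is decided inside `create_from_pkcs12`, which is not visible in this hunk. A comment above the branch would help the next reader, for example `# enable_ra: the PKCS#12 chain is the IPA CA, so trust it for TLS server and client auth; otherwise keep create_from_pkcs12's default trust`. The enclosing method starts and ends outside the hunk.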